<?php
/**
 * Can Load a user's permission,groups information and works as user's manager
 * for managing acl related things.
 *
 * @author Ishtiaque Shahrier <md.ishtiaque@newgenbd.net>
 * @package acl
 * @subpackage libraries
 */

class permission_manager_l_acl {
    const SESS_ACL_PERMISSION_MANAGER = 'acl_permission_manager';
        
    protected $user_id          = NULL;
    protected $group_id         = NULL;
    protected $permission_data  = array();

    /**
     * protected constructor.To get an instance use permission_manager_l_acl::i()
     */
    protected function __construct() {
        $user = get_logged_user();
        if (!$user) {
            logger::i()->error("Logged in user cannot be NULL!!", "user", "acl");
        } else {
            $this->user_id = $user->id;
            if (($tmp = service_l_acl::get_user_group($this->user_id)) !== NULL) {
                $this->group_id = $tmp->id;
                $permission_data = service_l_acl::get_group_permissions($this->group_id, TRUE);
                if (count($permission_data)) {                  
                    foreach ($permission_data as $data) {
                        $this->permission_data[$data->name] = $data;
                    }
                } 
            }
        }
    }
    
    /**
     * Returns TRUE if the user has a permission group else FALSE
     * @return bool
     */
    public function user_has_group(){
        return $this->group_id===NULL ? FALSE: TRUE;
    }

    /**
     * Returns TRUE if the user has any kind of permissions.Note that
     * A user might be under a permission group but has no permission data
     * 
     * @return bool
     */
    public function user_has_permissions() {
        return count($this->permission_data)<=0 ? FALSE : TRUE;
    }

    /**
     * Runs the permission and returns the result TRUE if allowed else FALSE
     *
     * @param string $permission_name
     * @param mixed $param additional data if any that you want to pass to the permission
     * @return bool
     */
    public function is_allowed($permission_name,$param=NULL) {
        $return = $this->__run_permission($permission_name,$param);
        return $return===NULL ? FALSE : $return;
    }
    /**
     * Runs the permission and returns the result FALSE if not allowed else TRUE
     *
     * @param string $permission_name
     * @param mixed $param additional data if any that you want to pass to the permission
     * @return bool
     */
    public function is_not_allowed($permission_name,$param=NULL) {
        $return = $this->__run_permission($permission_name,$param);
        return $return===NULL ? TRUE : $return;
        
    }
    /**
     * Uses the service class methods to testify a permision
     * @see service_l_acl::run_permission_driver
     * @internal
     * @param string $permission_name
     * @param mixed $param additional data if any that you want to pass to the permission
     * @return bool
     */
    private function __run_permission($permission_name,$param=NULL) {
        if (isset($this->permission_data[$permission_name])) {            
            return service_l_acl::run_permission_driver($this->permission_data[$permission_name], $this->user_id, $this->group_id,$param);
        }else{
            return NULL;
        }
        
    }

    /**
     * Creates an instance of this class or served from the previously created
     * one from session.to discard the session one and get a fresh copy pass
     * TRUE in the param.
     * 
     * @param bool $force_reload if TRUE
     * @return permission_manager_l_acl
     */
    public static function i($force_reload=FALSE) {
        $saved_session_object ;
        if($force_reload===TRUE){
            $saved_session_object = NULL;            
        }else{
            $saved_session_object = get_instance()->session->userdata(self::SESS_ACL_PERMISSION_MANAGER, TRUE);
        }
        
        $obj = NULL;
        if (!$saved_session_object) {
            $obj = new permission_manager_l_acl();
            get_instance()->session->set_userdata(self::SESS_ACL_PERMISSION_MANAGER, $obj);
        } else {
            $obj = $saved_session_object;
        }

        return $obj;
    }

}

?>